Entries filed under 'Exploit'

Threat Research Blog

The FireEye Labs team posts blog entries under threat research to
present and discuss cyber attacks and threat intelligence from a
technical perspective. They cover the full spectrum of exploits and
vulnerabilities, including advanced malware and targeted threats.

The “EternalBlue” exploit (MS17-010) was initially used by the WannaCry ransomware and the Adylkuzz cryptocurrency miner. Now more threat actors are leveraging the vulnerability in the Microsoft Server Message Block (SMB) protocol, this time to distribute Backdoor.Nitol and the Trojan Gh0st RAT. FireEye Dynamic Threat Intelligence (DTI) has historically observed similar payloads delivered via exploitation of the CVE-2014-6332 vulnerability, as well as in some email spam campaigns using PowerShell commands. Specifically, Backdoor.Nitol has also been linked ...

Exploit kits have become increasingly sophisticated over the years. Where obfuscation and new zero-days were once the only additions in the development cycle, evasive code is now being embedded into the framework and the shellcode.